HIPAA compliance is the most important consideration for medical billing specialists. Billers work with personal, confidential and sensitive patient information and they’re tasked with protecting that data. In this informative article, Nitin Chhoda shares the 18-point HIPAA protected list and how it affects billers and practices.


The privacy laws encompass the way patient records are stored, disclosed and transmitted according to electronic data interchange (EDI) standards.

To accomplish this, integrated electronic medical record (EMR) software is essential. It contains a myriad of security safeguards, along with the ability to identify potential problems with reimbursement claims.

Practices, billers, clearinghouses and healthcare insurance providers that fail to take appropriate precautions when transmitting claims and working with the information can find themselves facing fines and criminal penalties.

An EMR has the ability to identify security breaches and notify those within the software’s network.

Malpractice Insurance

Disclosing personally identifiable information to any unpermitted outside entity can result in malpractice or negligence litigation. Many in the healthcare industry aren’t aware that many standard liability and malpractice insurance policies don’t provide coverage for HIPAA violations. The policies may offer coverage for some risk factors, but few insurers are offering policies that reflect changes in HIPAA privacy laws.

Some Exceptions

There are exceptions to every rule and HIPAA standards indicate that some information can be disclosed if it’s scrubbed or re-identified of personal data. One exception is in the pursuit of medical research. Patients who may want to participate in such studies must provide written authorization.

Clients must be provided with a complete, written explanation of the parameters, along with the knowledge that they can revoke their authorization and how to do so. Data may also be disclosed for public health reasons once all of the 18 elements have been removed.

HIPAA’s Top 18

HIPAA has a list of 18 identifiers within patient records that must be safeguarded. The following is a list of the 18 elements within client records that are covered under the HIPAA privacy rule:

  1. Names
  2. Addresses and geographic locations
  3. Age and/or date of death
  4. Dates of treatments, hospitalizations and admissions
  5. Social Security number
  6. Phone or cell phone numbers
  7. Fax numbers
  8. Email addresses
  9. Medical record numbers
  10. Beneficiary and account numbers
  11. Driver license numbers
  12. Vehicle and serial numbers
  13. Device identifiers
  14. Website URLs
  15. IP addresses
  16. Biometric identifiers including fingerprints or voiceprints
  17. Photographic and comparable images
  18. Other personally identifiable information unless permitted through re-identification.

An EMR is a digital link to every facet of a client’s healthcare history. It can be accessed by multiple healthcare practice management providers and offers a superior level of security to safeguard the storage and transmittal of patient records.

It’s essential that any individual or facility that handles client records obtain training and have an in-depth understanding of HIPAA regulations to avoid malpractice lawsuits.